﻿Imports System.Web.Security
Imports System.Data
Imports System.Data.SqlClient
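''' <summary>
''' Code-behind for the administrator login page. Checks the submitted
''' credentials against the <c>admin</c> table and, on success, stores a
''' delimited admin record in <c>Session("admin")</c> before redirecting.
''' </summary>
Partial Class loginAdmin
    Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

    End Sub

    'NOTE: The following placeholder declaration is required by the Web Form Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
        'CODEGEN: This method call is required by the Web Form Designer
        'Do not modify it using the code editor.
        InitializeComponent()
    End Sub

#End Region

    ''' <summary>
    ''' Handles the login button: validates the credentials typed into
    ''' TextBox1 (user name) and TextBox2 (password) and redirects on success.
    ''' </summary>
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        ' NOTE(review): removeSpeKey is defined elsewhere; presumably it strips
        ' special characters. The query in login() is parameterized, so this is
        ' not needed as an SQL-injection defence, and applying it to the password
        ' reduces the set of usable passwords. It is kept here because existing
        ' stored hashes may have been computed from the filtered value - confirm
        ' before removing.
        ' NOTE(security): nothing in this handler throttles, locks out or logs
        ' repeated failed attempts.
        If Not login(removeSpeKey(TextBox1.Text), removeSpeKey(TextBox2.Text)) Then
            ' The same message is shown for an unknown user and a wrong password,
            ' so the response does not reveal which account names exist.
            Label1.Text = "Sai username or password xin vui lòng nhập lại username,Password"
            Return
        End If

        Label1.Text = "Đang nhap thanh cong"

        ' Seperate is defined elsewhere; presumably it extracts the value stored
        ' under the given key from the "{key=value}" record - verify.
        ' Response.Redirect(String) ends the response, so only one of the two
        ' redirects ever runs; the Else makes that explicit.
        If Seperate(Session("admin"), "quyen") = 0 Then
            Response.Redirect("../backoffice/order.aspx")
        Else
            Response.Redirect("loginSuccess.aspx")
        End If
    End Sub

    ''' <summary>
    ''' Looks up an admin row matching the user name and password hash and,
    ''' when one exists, stores its id, user name, full name and permission
    ''' level in <c>Session("admin")</c>.
    ''' </summary>
    ''' <param name="vUser">User name to look up.</param>
    ''' <param name="vPassword">Plain-text password; hashed before comparison.</param>
    ''' <returns>True when a matching row was found, otherwise False.</returns>
    Private Function login(ByVal vUser As String, ByVal vPassword As String) As Boolean
        ' Only the columns that are read below are selected, so the stored
        ' password hash is not pulled back into the web process.
        Dim sSql As String = "select idadmin, username, hoten, quyen from admin where username =@user and password=@pass"
        Dim adminRecord As String = ""

        ' Using blocks release the connection, command and reader even when the
        ' query throws; the original left the connection open on any exception.
        Using myConn As New SqlConnection(ConfigurationSettings.AppSettings("cons"))
            Using MyCommand As New SqlCommand(sSql, myConn)
                MyCommand.Parameters.Add(New SqlParameter("@user", vUser))
                ' NOTE(security): unsalted MD5 is not suitable for password storage.
                ' Migrating to a salted, slow KDF (e.g. PBKDF2 via Rfc2898DeriveBytes)
                ' requires re-hashing the stored values, so the call is left unchanged
                ' here and flagged for follow-up.
                MyCommand.Parameters.Add(New SqlParameter("@pass", FormsAuthentication.HashPasswordForStoringInConfigFile(vPassword, "MD5")))

                myConn.Open()
                Using MyDr As SqlDataReader = MyCommand.ExecuteReader()
                    If MyDr.Read() Then
                        ' NOTE(review): values are embedded without escaping. A stored
                        ' user name or full name containing "{" or "}" could be misread
                        ' by whatever parses this record; validate those columns on
                        ' write, or keep each field under its own session key.
                        adminRecord = "{adminid=" & MyDr("idadmin").ToString() & "}" &
                                      "{username=" & MyDr("username").ToString() & "}" &
                                      "{hoten=" & MyDr("hoten").ToString() & "}" &
                                      "{quyen=" & MyDr("quyen").ToString() & "}"
                    End If
                End Using
            End Using
        End Using

        ' Assign rather than append: the result now depends only on this lookup,
        ' so stale session content can never turn a failed login into a success.
        Session("admin") = adminRecord
        If adminRecord = "" Then Return False

        ' NOTE(security): the session id is not renewed after authentication;
        ' consider issuing a fresh id at this point to guard against session fixation.
        Session.Timeout = 40
        Return True
    End Function

    ''' <summary>
    ''' Clears the admin session value on every request to this page. Load runs
    ''' before the button click handler, so each login attempt starts logged out.
    ''' </summary>
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Session("admin") = ""
    End Sub

End Class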
